Allow users to delete images they uploaded (pict-rs)

maltfield commented 8 months ago

Requirements

[X] This is a feature request and not a bug report. Otherwise, please create a new bug report instead.
[X] Please check to see if this request (or a similar one) already exists.
[X] It's a single feature. Please don't request multiple features in one issue.

Describe the feature you'd like

This is a request to implement a section of the Lemmy WUI where users can:

View all of the files that they've uploaded
Delete individual files (eg photos) that they've uploaded

Problem

Currently it's not possible in the Lemmy WUI for users to delete files that they've uploaded.

This is not just an inconvenience. It's a violation of user's rights, and it's a legal risk to lemmy instane admins. This law applies to any website operating anywhere in the world (not just to websites or businesses located in the EU) that has users who are residents of the EU (so it likely affects >90% of public lemmy instances with >100 active users).

The fines for this violation are commonly millions of euros or a percent of of revenue, whichever is higher. At the time of writing, websites have been fined 98.4 million EUR for violating this class of GDPR violation (Insufficient fulfilment of data subjects rights).

Making the endpoint accessible over an API is not trivial and therefore doesn't satisfy this requirement. Google recieved one fine of 150 million EUR in 2022 simply for making it more than 1-click to reject cookies. Certainly requiring a user to figure out how to make API calls (including figuring out the darn delete token, which makes even seasoned admins scratch their heads) would not satisfy the GDPR's "Right to Erasure" requirement.

Solution

There should be a very straightforward way in the lemmy WUI for users to view & delete any files that they've uploaded.

maltfield commented 8 months ago

This is especially an issue because currently even deleting your user account doesn't delete the files you've uploaded

https://github.com/LemmyNet/lemmy-ui/issues/2384

maltfield commented 8 months ago

See also this ticket to add a section to the Lemmy UI for admins to be able to delete individual images.

https://github.com/LemmyNet/lemmy-ui/issues/2360

maltfield commented 7 months ago

For additional context of this issue, please see Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

Pdzly commented 7 months ago

@maltfield it is good that you didnt posted it, otherwise it could have gotten federated and then your image is everywhere.

My suggestion would be:

If you upload an image during writing a comment or post and press "Cancel", it should delete the image(s) that got uploaded If you upload an image during writing a comment or post and delete it after and still send the comment, it should remove the image uploaded

All images should be tracked who uploaded it, and the user himself should be able to look what images he upload and delete it on his behalf.

LemmyNet / lemmy-ui